Security
Report security issues privately first.
Cosmos handles developer data, local indexes, and optional cloud flows. If you find a vulnerability, please give Atitechs a chance to investigate before publishing details.
- Contact
- cosmos@atitechs.com
- Product
- Cosmos
- Preferred channel
- Email with reproduction steps
What to include
- Affected Cosmos version and operating system.
- Clear reproduction steps, expected behavior, and actual behavior.
- Impact assessment: what data, permission, or boundary is affected.
- Whether the report involves account, backup, MCP, local file, or runtime capture behavior.
What not to send
- Do not send source code or private data that is not required to reproduce the issue.
- Do not publicly disclose exploit details before Atitechs has had time to respond.
Scope
The current public scope is the Cosmos demo app, docs site, MCP integration behavior, and official download/update flows. Third-party AI clients and operating systems are outside Atitechs control unless the issue is caused by Cosmos configuration.